One thing that I have been a little lax about reporting is when SELinux has mitigated a vulnerability. This past week, two Samba vulnerabilities were fixed in an Red Hat Network Update. These fixes were available at the same time as public disclosure of the issues, There are no currently known public exploits of Samba available. This errata fixed two bugzillas #239774 and #239429. I would like to point out that even with these vulnerabilities being able to leverage a heap overflow to run arbitrary code on a recent RHEL is hard.

While no known Linux exploits for these vulnerabilities has been written, we believe that the executable memory process checks in SELinux would have prevented the exploit from executing writable memory. While the exploit might be able to take advantage of a buffer overflow, When the attacker tries to execute the code, SELinux would stop it. SELinux prevents Samba from allocating and using memory that is both writable by the process and executable.